The resilience of the private sector in cyberspace is crucial to national security. The private sector is often a weak link in the national system, and thus allows a cyber attack to arise and undermine fundamental state assets. At the same time, internal market elements lead to inadequate organizational investment in cyber security. This research, which relies on an analysis of parallel regulatory domains in the world in the cyber realm and other areas, proposes a multi-layered regulatory model for private sector cyber security. The model includes binding state regulatory arrangements, control mechanisms to oversee self-regulatory arrangements, and incentives for private organizations to defend themselves. In the age of Internet of Things and the significance of Artificial Intelligence technologies across sectors, along with the evolvement of a market for cyber insurance, cyber security regulation in the private sector is a vital national interest.
